<?php
/*
	[LocoySpider] (C)2005-2010 Lewell Inc.
	火车采集器 Discuz-x 1.0  UTF-8 帖子发布接口
	最后更新:2010.06.23 by RQ204
*/

/********密码验证***********/
$password='1';				                   //这个密码是登陆验证用的.您需要在模块里设置和这里一样的密码....注意一定需要修改.
if($password!=$_GET['pw']) exit('验证密码错误');   //安全检测,密码不符则退出


/******随机回复用户名设置,用户可自行修改******/
$replyers="";                    				   //随机回复的用户名,为空的话则不使用,多个用户名之间用 , 分开,如 $replyers="'admin2','admin3'";  


/******以下代码加载并设置数据库配置,非专业人员不建议修改********/
include('config/config_global.php');					//加载数据库配置
$dbhost=$_config['db']['1']['dbhost'];
$dbuser=$_config['db']['1']['dbuser'];
$dbpw=$_config['db']['1']['dbpw'];
$dbname=$_config['db']['1']['dbname'] ;
$tablepre=$_config['db']['1']['tablepre'];
$dbcharset = 'utf8';			                       // MySQL 字符集, 可选 'gbk', 'big5', 'utf8', 'latin1', 留空为按照论坛字符集设定
$charset = 'utf8';			                       // 论坛页面默认字符集, 可选 'gbk', 'big5', 'utf-8'
/****以下代码对数据进行安全过滤,非专业人员不建议修改***************/
set_magic_quotes_runtime(0);
define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
$timestamp=time();
if(PHP_VERSION < '4.1.0') {
	$_GET = &$HTTP_GET_VARS;
	$_POST = &$HTTP_POST_VARS;
	$_COOKIE = &$HTTP_COOKIE_VARS;
	$_SERVER = &$HTTP_SERVER_VARS;
	$_ENV = &$HTTP_ENV_VARS;
	$_FILES = &$HTTP_POST_FILES;
}

if (isset($_REQUEST['GLOBALS']) OR isset($_FILES['GLOBALS'])) {
	exit('Request tainting attempted.');
}

foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
	foreach($$_request as $_key => $_value) {
		$_key{0} != '_' && $$_key = daddslashes($_value);
	}
}

if (!MAGIC_QUOTES_GPC && $_FILES) {
	$_FILES = daddslashes($_FILES);
}

/*****************以下是核心的处理代码******************/

$db=new db($dbhost,$dbuser,$dbpw,$dbname,$charset,$dbcharset);//创建数据库链接

if($_POST){
	extract($_POST,EXTR_OVERWRITE);//获取POST过来的参数
	/***以上为数据检测及赋值**/	
	$userinfo=$db->fetch_first("Select uid as uid , username from {$tablepre}common_member where usernamelog='$username'");
	if(!$userinfo) exit("不存在用户$username");
	$uid=$userinfo['uid'];
	$username=$userinfo['username'];
	$nameexit=$db->fetch_first("SELECT fid FROM {$tablepre}forum_forum WHERE status='3' AND name='$name'");
	if($nameexit) {
	exit("已经存在公司$name");
		}
	//先处理主题（字段special=4是标识这个主题是活动）
	$sql="INSERT INTO {$tablepre}forum_forum (fup, type, name, status, level)VALUES ('$fup', 'sub', '$name', '3', '1')";
	$db->query($sql);
	$newfid=$db->insert_id();
	if($newfid) {
	$sql="INSERT INTO {$tablepre}forum_forumfield (fid, description, jointype, gviewperm, dateline, founderuid, foundername, membernum,web,tel,email,address,icon,remarks,banner)VALUES ('$newfid', '$description', '2', '1', '$timestamp', '$uid', '$username', '1','$web','$tel','$email','$address','$icon','$remarks','$icon')";
	$db->query($sql);
	}
	$sql="UPDATE {$tablepre}forum_forumfield SET groupnum=groupnum+1 WHERE fid='$fup'";
	$db->query($sql);
	$sql="INSERT INTO {$tablepre}forum_groupuser (fid, uid, username, level, joindateline) VALUES ('$newfid', '$uid', '$username', '1', '$timestamp')";
	$db->query($sql);
	exit("sucess");
}else
{
	echo "<select name='list'>";
	echo maketree($cates,0,'');
	echo '</select>';
}
/***生成目录的一个遍历算法***/
function maketree($ar,$id,$pre)
{
	$ids='';
	foreach($ar as $k=>$v){
		$pid=$v['pid'];
		$cname=$v['cname'];
		$cid=$v['cid'];
		if($pid==$id)
		{
			$ids.="<option value='$cid'>{$pre}{$cname}</option>";
			foreach($ar as $kk=>$vv)
			{
				$pp=$vv['pid'];
				if($pp==$cid)
				{ 
					$ids.=maketree($ar,$cid,$pre."&nbsp;&nbsp;");
					break;
				}
			}
		}
	}
	return $ids;
}

/****************************以下为公共类库及函数库******************************/
function daddslashes($string, $force = 0) {
	!defined('MAGIC_QUOTES_GPC') && define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
	if(!MAGIC_QUOTES_GPC || $force) {
		if(is_array($string)) {
			foreach($string as $key => $val) {
				$string[$key] = daddslashes($val, $force);
			}
		} else {
			$string = addslashes($string);
		}
	}
	return $string;
}


/*当前为数据库操作类库*/
class db {

	var $mlink;

	function db($dbhost, $dbuser, $dbpw, $dbname = '',$charset='gbk',$dbcharset='gbk', $pconnect=0){
		if($pconnect){
			if(!$this->mlink = @mysql_pconnect($dbhost, $dbuser, $dbpw)){
				$this->halt('Can not connect to MySQL');
			}
		} else {
			if(!$this->mlink = @mysql_connect($dbhost, $dbuser, $dbpw)){
				$this->halt('Can not connect to MySQL');
			}
		}
		if($this->version()>'4.1'){
			if('utf-8'==strtolower($dbcharset)){
				$dbcharset='utf8';
			}
			if($dbcharset){
				mysql_query("SET character_set_connection=$dbcharset, character_set_results=$dbcharset, character_set_client=binary", $this->mlink);
			}
			if($charset){
				mysql_query("SET $charset", $this->mlink);
			}
			
			if($this->version() > '5.0.1'){
				mysql_query("SET sql_mode=''", $this->mlink);
			}
		}
		if($dbname){
			mysql_select_db($dbname, $this->mlink);
		}
	}

	function select_db($dbname){
		return mysql_select_db($dbname, $this->mlink);
	}
	
	function get_array($sql){
		$list = array();
		$query=$this->query($sql);
		while($row=$this->fetch_array($query)){
			$list[]=$row;
		}
		return $list;
	}
	
	function fetch_array($query, $result_type = MYSQL_ASSOC){
		return (is_resource($query))? mysql_fetch_array($query, $result_type) :false;
	}

	function result_first($sql){
		$query = $this->query($sql);
		return $this->result($query, 0);
	}

	function fetch_first($sql){
		$query = $this->query($sql);
		return $this->fetch_array($query);
	}
	
	
	function fetch_total($table,$where='1'){
		return $this->result_first("SELECT COUNT(*) num FROM ".DB_TABLEPRE."$table WHERE $where");
	}
	
	function query($sql, $type = ''){
		global $mquerynum;
		$func = $type == 'UNBUFFERED' && @function_exists('mysql_unbuffered_query') ? 'mysql_unbuffered_query' : 'mysql_query';
		if(!($query = $func($sql, $this->mlink)) && $type != 'SILENT'){
			$this->halt("MySQL Query Error",'TRUE',$sql);
		}
		$mquerynum++;
		return $query;
	}

	function affected_rows(){
		return mysql_affected_rows($this->mlink);
	}

	function error(){
		return (($this->mlink) ? mysql_error($this->mlink) : mysql_error());
	}

	function errno(){
		return intval(($this->mlink) ? mysql_errno($this->mlink) : mysql_errno());
	}

	function result($query, $row){
		$query = @mysql_result($query, $row);
		return $query;
	}

	function num_rows($query){
		$query = mysql_num_rows($query);
		return $query;
	}

	function num_fields($query){
		return mysql_num_fields($query);
	}

	function free_result($query){
		return mysql_free_result($query);
	}

	function insert_id(){
		return ($id = mysql_insert_id($this->mlink)) >= 0 ? $id : $this->result($this->query('SELECT last_insert_id()'), 0);
	}

	function fetch_row($query){
		$query = mysql_fetch_row($query);
		return $query;
	}

	function fetch_fields($query){
		return mysql_fetch_field($query);
	}

	function version(){
		return mysql_get_server_info($this->mlink);
	}

	function close(){
		return mysql_close($this->mlink);
	}

	function halt($msg, $debug=true, $sql=''){
		@ini_set("date.timezone","Asia/Shanghai");
		$output .="<html>\n<head>\n";
		$output .="<meta http-equiv=\"Content-Type\" content=\"text/html; charset=".$charset."\">\n";
		$output .="<title>$msg</title>\n";
		$output .="</head>\n<body><table>";
		$output .="<b>MySql Error Info</b><table><tr><td width='100px'><b>Message</b></td><td>$msg</td></tr>\n";
		$output .="<tr><td><b>Time</b></td><td>".date("Y-m-d H:i:s")."<br /></td></tr>\n";
		$output .="<tr><td><b>Script</b></td><td> ".$_SERVER['PHP_SELF']."<br /></td></tr>\n\n";
		$output .="<tr><td><b>SQL</b></td><td> ".htmlspecialchars($sql)."<br />\n</td></tr><tr><td><b>Error</b></td><td>  ".$this->error()."</td></tr><br />\n";
		$output .="<tr><td><b>Errno.</b></td><td>  ".$this->errno()."</td></tr></table>";
		$output .="\n</body></html>";
		echo $output;
		exit();
	}
	
}

?>